Skip to main content

Dynamic Web Security Overview and Cookie Policy

Learn about security practices that Persado implements for Dynamic Web and how cookies are used in content delivery.

A
Written by Amy Blakemore
Updated over 5 months ago

About Dynamic Web

Dynamic Web is Persado’s real-time web serving solution that enables the deployment of Persado’s AI-powered language to improve engagement and conversions and maximize marketing ROI.

It delivers real-time, AI-generated content experiences that allow businesses to run test-based experiments (e.g., A/B tests) or personalized experiences tailored to individual users through Persado’s Dynamic Content.

Dynamic Web loads asynchronously to ensure seamless website performance, and it aligns with Persado’s security, privacy, and compliance standards to maintain user trust at scale.

Security Overview

At Persado, we prioritize the security of your digital experience. Security practices are deeply ingrained into our software development, operations processes, and tools. These practices are strictly followed by our cross-functional teams to help prevent, detect, and respond to incidents quickly. We collaborate with partners, leading researchers, security institutions, and other industry organizations to stay updated with the latest threats and vulnerabilities. We regularly incorporate advanced security techniques into the products and services we offer (Persado complies with GDPR and CCPA regulations, is ISO 27001 certified, and obtains an annual SOC 2 Type 2 report).

Solution Architecture

There are three primary components that track, organize, and house data and provide reporting capabilities in Dynamic Web. These components include:

  • Dynamic Web Webscript: The JavaScript tag tracks engagement data that are part of the defined campaign and channel. Our JavaScript also sets up a cookie with a hashed user ID.

  • Portal Application for Campaign Reporting:​​ Customers use this application to request content, review and approve content for serving, and view and report on its impact.

  • Persado Data Warehouse: All data generated by Dynamic Web is stored securely in AWS warehouses (unless otherwise agreed upon in your agreement with Persado to use GCP). Any User ID or User Attribute Values created or captured by Persado are hashed using MD5 encryption and stored in either AWS US Virginia, US Oregon, or EU Ireland data centers. (Or for GCP, either US Virginia, US Iowa, EU Netherlands, or EU Finland).

The Persado Cookie

Dynamic Web enables the delivery of experiment-based content to users on your website. To support this experience, cookies are used to store small pieces of information required for content delivery. This section outlines how the Persado cookie works, the role of user consent, and how these factors influence content delivery.

Persado Cookie Functionality

The cookie set by Persado’s webscript is a small, non-essential cookie that primarily contains a hashed user ID. Its primary role is to ensure consistent experiences for returning users. Here's an overview of how it works:

  • User ID Check: When a user visits a page with Dynamic Web implemented, the script first checks if a user ID already exists in the cookie. Note that the cookie has a 1-year expiration or gets lost when the user clears the browser cache.

    • If Yes: The script uses this user ID to ensure that the user sees the same content Variant within the session.

    • If No: The script attempts to locate an ID from the client’s existing tracking system (e.g., Adobe Analytics) and hashes it and stores it in the cookie.

    • Fallback ID Creation: If no existing ID can be found, the script generates a random ID, hashes it, and stores it.

This process helps maintain a consistent experience without tracking sensitive data or maintaining identities. The information stored in the cookie is minimal, consisting only of a hashed user ID used for content consistency.

Classification of the Persado Cookie

The cookie used by Dynamic Web would be classified as a functional, non-essential cookie, third-party cookie. It is not necessary for the basic functioning of the website but provides enhanced functionality, such as ensuring users have a consistent experience across visits. Since it does not contain any sensitive information and is only used to facilitate content consistency, it’s not considered an essential or strictly necessary cookie.

User Consent and Privacy Compliance

Persado does not manage user identities directly and works within the client’s cookie policy framework. The responsibility for determining which scripts are allowed to run based on a user’s cookie consent lies with the client, which is typically managed through a tag manager or third-party cookie Consent Management Platforms (CMPs), such as Cookiebot.

Here’s how the cookie policy impacts a Dynamic Web Persado campaign on your website:

  • If Users Accept Cookies: When users accept cookies, the Persado script runs as usual, using the cookie to ensure a personalized experience.

  • If Users Reject Cookies: For users who reject cookies, the script does not run, and these users receive the control version of the content, without any data collection or personalization applied.

  • Ignoring Consent: If users neither accept nor reject cookies, Persado follows the client’s default policy for handling consent. In this case, the client’s system determines whether the Persado script is allowed to run or should remain disabled.

Managing Cookies in General: Industry Best Practices

In general, websites today must comply with various data privacy regulations, such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the U.S. This means that all third-party scripts, including those used for advertising or personalization, must respect user consent preferences regarding cookies.

Most websites implement a cookie consent banner, allowing users to choose which cookies they accept. Based on their choices:

  • Essential Cookies: Always enabled as they are crucial for basic site functionality.

  • Functional, Performance, and Marketing Cookies: These are typically disabled unless explicitly accepted by the user.

For websites using Dynamic Web, once a user submits their cookie preferences, the client's system determines whether the Persado script is allowed to run. If users have opted out of cookies, the script is disabled, and no tracking or personalization occurs.

Handling Scenarios where Cookies are Not Accepted

If a user chooses not to accept cookies, Dynamic Web cannot serve Persado content. Instead, these users are served the default experience of the content. This ensures that user privacy is respected while still allowing the site to function as intended.

Persado's functionality for blocking or running campaigns depends on the cookie policy implemented by the client. Coordination with the client is crucial to ensure that the proper functionality aligns with their cookie consent management. Persado can extend its capabilities by using scripts to dynamically detect and adapt to users' privacy choices. This enables compliance with various regulatory environments, particularly in stricter jurisdictions like California and Europe, where first-party data and cookie restrictions are more rigorous.

Based on user consent, Persado campaigns will either trigger or remain blocked. If cookies are accepted, the campaign is triggered, displaying Persado's content. If cookies are declined, the campaign does not run, and default page content is shown. If no consent decision is made, the campaign does not run until the user gives explicit consent.

If you need to enable scripts that dynamically detect users' privacy choices, please reach out to the Persado team to discuss the details of configuration.

Did this answer your question?